Made In Ontario- Provincial Privacy Law

Ontario is Canada’s most populous province and one of the thirteen provinces. The capital of Ontario is Toronto, it is located in Central Canada and borders the U.S.A.

There are several talks about Privacy laws all around the world and Canada is definitely not behind; rather it has the oldest provincial privacy law for the province of Quebec which absolutely came into force in 1994. PIPEDA is the Federal law for Canada and there are some other provincial laws enforced in British Columbia, Quebec, Alberta. 

Picture Credit- https://www.smartcitiesworld.net

It is pertinent to note that the health information laws are available in New Brunswick, Newfoundland & Labrador, Nova Scotia, Ontario. 

Ontario is the province of Canada where no Privacy laws are available as of now so technically PIPEDA (Federal Privacy Law) is applicable. There are two sets of privacy laws applicable in different scenarios, one in case of Public organization and another in case of Private organization. 

In case of Public organizations following laws are applicable-

  1. Freedom of Information and Protection of Privacy Act (FIPPA)
  2. Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)
  3. Personal Health Information Protection Act (PHIPA)
  4. Part X of the child, Youth and Family Services Act (CYFSA)

In case of Private organizations (handling of Personal Information by Consumers & Businesses) there is no such province based law in Ontario hence, they are governed by PIPEDA (Personal Information and Protection of Electronic Documents Act). However, seeing the need and demand of Ontarians, the law making body of the province has come up with Bill 14 for the enactment of Personal Information Protection Act, 2018. 

The document is titled on its head as “An act with Respect to The Custody, Use, Disclosure of Personal Information”. Upon few readings the Bill 14 was kept for public reviews and an online survey ran from 13th October 2020 to 16th October 2020. The committee also invited technical experts and representatives of organizations (who would be impacted by the enactment) to submit their written submissions. Below is the link to read the whole document- 

https://www.ola.org/sites/default/files/node-files/bill/document/pdf/2018/2018-03/bill—text-41-3-en-b014_e.pdf

Key Provisions under the Act

  1. The applicability of the provisions seems a topic of the discussion as it applies to non-commercial activities as well for eg.- non profit organizations, Charities, Political Parties etc.
  2. Implicit consent (Part III)- this is a deeming provision which makes the consent valid by necessary implication.
  3. The act provides right to request correction of personal information
  4. Provisions for accuracy, protection and retention of personal information (Part IX)    
  5. Establishment of advisory committee by the commissioner 
  6. Provisions for Penalties (this provisions seems to be taken in the wake of GDPR, PIPEDA and Provincial Privacy Laws where the penalties are mentioned in the statutes)

As we can see there may be numerous changes and compliance would be in line from the date of its enforcement. Therefore, if you are the business entities established in Ontario then you should start developing the new compliance as per the need and requirements of Bill 14.